Comments
That was sarcasm, as in "Nobody cares about that calculation. It's the opposite of what happens in network devices where calculations are done thousands or even millions of times each second."
Most users don't need subnets; they have one public IP or a small public subnet that virtually never changes. And professionals like e.g. providers, well that just is part of their job.
Pardon me but actually No. As a programmer I usually don't care at all - the kernel does it, I just open and use sockets (with whatever happen to be the IP(s)).
But being at it ("programmers") let me tell you about some real problems related to IPv6.
Currently (not low spec) processors work at about 3 - 4.5 GHz which just so happens to match 32 bits, so an ideal processor with an ideal instruction set like e.g. a 'look up an element in a rather full 32-bit list and return it if existing or NULL if not' in 1 cycle. Unfortunately such ideal processors don't exist so we have to either trade time (speed) for space (memory) and/or for cost (e.g. TCAM) and still we can't deal with (low) billions of 32 bit addresses unless we shell out really big money and use expensive (and not available to just every Joe or Harry) networking ASICs, very expensive special memory, etc.
And all that with 32 bit addresses that nicely fit in both the processor word size and available memory (as in e.g. '16 GB RAM'). But we can handle, store, and work with the IP4 space albeit quite to very costly at the network core level.
Now square that number and operations and storage and memory. And then square it again ... and you are at 128 bits. Just a hint: NOBODY has 2^128 bytes RAM, nobody. And in fact nobody will ever have (well, at least not in this millennium) because we'd need our sun as power station for that and a very fat power line to the sun.
No, in fact with IPv6 that router would have handled even way less connections because your problem wasn't IP4 vs 6 but a router that was too weak.
No, for a simple reason: we usually do not even want all our devices to be publicly reachable. NAT isn't just a crutch, it's also a convenient safety device under your full control.
Sorry, no. Actually my ideas are largely about counter balancing or repairing rather arbitrary design decisions (e.g. DNS A only (no 'P') records) and lack of proper thinking (back then) and sheer political arbitrariness (like the us-american war ministry having and wasting more IPs than many countries have in total).
My argument is not "it's total d_g shit"!
My argument, brutally summarized, is "You idiots are about to repeat the same basic sin of back then. THINK and think properly and in a disciplined way!". My argument is that mindlessly and extremely oversizing is not better than or a solution to the problems of yester-decades carelessness and lack of intellectual discipline.
The real and true solution is cost-effective, practically feasible, and well thought out and well engineered - none of which IPv6 is. The real solution boils down to 64 bits, among other reasons because 64 bits happens to be the word size of the processors we know how to build and actually build and because 64 bits is plenty enough and then some.
If your system requires memory linear to the number of possible addresses, you are doing it wrong.
Memory usage should be proportional to the number of active addresses.
As you are proposing 64-bit addressing, do you have 2^64 bytes of RAM, then?
False. DNS records can convey port number. It's called SRV record.
Thank you for sharing your wisdom. But IPv6 addresses are 4 times the size of IP4 and hence need 4 times more memory no matter how many one has to store. Also many algorithm implementations don't work anymore or are impractical e.g. because they must be handled in multiple limbs and anyway don't fit within the word size.
Funny btw how the IPv6 idiots always talk about the oh so many devices needing an IP address, yet do not want to see the related table growth. So, if you argue that 64 bits are not enough and we absolutely need 128 bits, also recognize that those obviously presumed more than 4 billion times 4 billion devices will enormously blow up table size.
This "we will need way more than 4 billion times 4 billion device addresses! But we won't need to store, handle, process, etc more than a tiny, tiny fraction of all those addresses" is just one example of the sheer idiocy and nonchalance from the IPv6 idiot camp.
... and are used neither by http nor by https nor by email nor ...
Sorry, I'm not interested anymore in your foolish "but I WANT IPv6!!!" "discussions". And that actually is what drives you.
It's just like with your obtrusive push-ups propaganda here which unnerves many and is nothing to do with hosting but hey you feel it's good and right and so you annoy us with it. Similarly you utterly ignore the fact that IPv6 has failed to conquer the world for decades - for solid reasons - as well as the fact that IPv6 is a, pardon me, stupid "quantity wins!" approach to solve problems that either do not exist in the first place (like "4 billion times 4 billion addresses is not enough!") or are the result of man made deficiencies of IP4 (like wasting hundreds of millions of addresses).
Turn and bend it as you like, fact is that IPv6 is not widely accepted. Fact btw. is also that the vast majority of people on earth are extremely unlikely to have hundreds, let alone millions, of networked gadgets. One important reason, next to lack of funds, being that most people, unlike IPv6 proponents, have a properly working brain and understand that (a) even a, oh so sh_tty IP4 address does allow them to connect hundreds of devices to the internet, and (b) having their fridge and all their diverse devices on the internet actually might not be particularly smart.
Funny though in a way that the IPv6 idiots like to talk so much about all those (largely imaginary) devices needing addresses ... but hardly ever touch the really relevant question whether and how the majority of people could afford to buy those devices.
I think you make the opposite point, nobody cares about the calculations in these routers and just care if cat/porn videos work.
I was referring to sysadmins who manage networks of tens of thousands in companies with revolving personnel, changing priorities, merging companies, new and closing offices, etc. You can't just think of a family of 4 as a home user.
Huh? But you can't just connect to another peer on the other side of a NAT router. Not without setting up a DMZ or port forward. Having to get your clients or customers to do that before their app works is a hassle.
IPv6 is decades old and our computing power is exponentially increased since then. The argument of underpowered doesn't seem to jive. It didn't showstop things before IPv6 became a thing.
No. It's because of the connection tracking required to track NAT specific connections. That memory is freed up in router mode and it's simpler and faster because it doesn't have to do port forwarding rules which takes cpu on every single packet.
They don't have to be. We'd still have stateful firewalls in the routers just as they do today. And firewalls in our OS.
When you mention the US war ministry, you're kinda being the political arbitrary person. The U.S. government has invested more money into IPV6 than any other country or company. They've been at the front of adoption since the start, it's just they're a government and they work as fast as cold molasses going up a hill. But IP subnetting requires preplanning, and you can't do that effectively when you don't know the maximum network count. And the US government would for sure rather have endless addresses than having IPv4 limitations.
I don't think you have solutions to the many, many use cases that would be affected by your solution.
Maybe Jason Donenfeld can rewrite the networking stack in 4000 lines and replace all that shit.
Esp32's are $2. Light/electrical sockets are $10 normal price. WiFi chips with Socs are stamped out for dollars. WiFi 6 chips under $10!!! IoT is coming... even for the poor.
@TimboJones
You're arguing with jsg. They're well known for hiding illogical arguments in a layer of apparent reasonableness.
That likely changes when they have to set up a router, a network and a firewall (as very many do/have to do).
Just like for other professionals: that's just their job.
And btw. IP4 was and is good enough to allow for quite monstrously large corporations to grow ...
BY FAR less hassle than dealing with IPv6.
And again, for pros, that's their job, and for homes them boxes usually have a nice simple form to add/change/delete NAT details and it's done and works since decades.
Well, then maybe the reason why only a very small percentage of users, both small and large, haven't accepted IPv6 is due to some weird religious thing. Because according to the pro IPv6 crowd the reasons can not be technical, complexity, cost, non existing ASICs or the simple fact that nobody in his right mind thinks that we need 4 billion times 4 billion times 4 billion IP addresses ...
Pardon me but this is getting ridiculous. But if you really think that writing firewall rules for IPv6 is simpler than writing NAT rules I respect that. And you kindly respect that I see it differently.
That may be so but I don't care. All I see that they waste more addresses than many countries, which btw isn't even a smart thing (as opposed to private ranges) wrt security.
And I think you are wrong. Simple reason: my major issue is the 128 bits and all the problems coming with that. If IPv6 had 64 bits I'd probably not argue.
Plus, and I'm definitely not alone with that, I dislike that IPv6 is not just 'more addresses' but significant changes in the way networks work - with many of those changes doubted by many incl. experts.
For the poor in first world countries maybe, but it's quite different when people earn less than $10 per day. Plus, look at the real world. The vast majority still has zero Pi, ESP, etc. etc. boards, plus those who have such boards have the vast majority of them not connected to the internet. Plus: how many such boards and other devices (smartphones, PCs etc.) are we supposed to have in say 20 years on average (average household)? 10? 100? 1000?
If your answer to that is halfway reasonable and realistic then 64-bit addresses will be more than sufficient.
Well, at least I argue ... rather than doing ad hominems as you do ...
That argument is so fucking invalid
Because? You say so?
But hey, I change my wording to "$10/day available income", OK. Because that is realistic; in fact I know people in Europe for whom that is true.
Because of the comment, you were replying to already invalidating you...
Because you say so. Will I have to address you as "your honor" from now on.
BS!
I live in Europe where I with my mom have approx 10 - 20 USD per day available income...
Oh shit, I have ipv6 enabled on all my devices who would've thought. That's impossible right, ipv6 enabling costs too much right...
Dude it costs as much as enabling IPv4
For most users, they get a modem/gateway from their cable/dsl provider and if uPnP is turned on, they've never logged into it. I see the majority of SSID's broadcasting around me on the default ISP SSID. It would be just the same with IPv6.
And lots of industries have the professionals develop new standards along the way to make their jobs easier.
You can't argue that point both ways pointing out the waste in IPv4 efficiency. Every time you split a subnet, you lose IP's to overhead and limit the number of users. Allow large subnets and you have waste. Pick a lane.
So it puts added burden on developer to deal with ports and NAT IP's and end user to preconfigure instead of no hassle with IPv6 with their own endpoints. Takes manual labour and reconfiguration when router replaced.
The reasons for slow adoption are known and religion isn't one of them. Costs and complexity are reasons, but a lack of mandatory switch is primarily the reason. If the World wanted to be IPv6 dominant in 3 years, the big 8 countries just need tax incentives like the Y2K years and it would happen.
It's not simpler or more difficult, really. The NAT rule is actually two rules but most routers add the firewall rule when adding the port forward rule.
They were using them for years before some countries had internet to begin with. You have some problem with them being there from day 1? I believe in the social services that benefit people from a country (health care, education, etc), but you're basically saying there should be World socialism for IPv4 IP's? This seems like an odd argument. The US uses a shitload more electricity and water per person than most other countries, should they give up water and power for free to other countries? Or is it better to work on a new system where everyone has enough resources of their own?
I don't think this is near as big an issue as you seem to think.
Change needs to happen for things to get better. Change can't be voided and doesn't need to be.
What? All those $2 devices have connections to the internet. I'm a single guy and there's over 50 Mac addresses on my home network. My brother with three kids has over 80.
But overall, your point is irrelevant as to the total amount. It is sufficient to be that we can be super wasteful and inefficient and still not run into address exhaustion. We don't need to know what the actual address exhaustion number would be if we far exceed it.
Learn to read properly. That was not my argument. You are arguing against a (wrong) deduction in your head and not against what I said.
Correct - minus that all their devices were reachable through the internet, which considering the very lamentable security of most IoT devices wouldn't be smart. Or they employ the IPv6 equivalent of NAT (or configure their firewall or ...).
The same is true for IP4
No, I don't. I don't have to because there are /8 private ranges where even 1000 lost IPs aren't a problem.
No, not on a developer but on a sys/net admin. But you are right, for home users that's indeed a small burden.
At the same time though home users are major group within those not wanting IPv6.
Read your sentence again. It boils down to you want to FORCE IPv6 on everyone.
Thanks, no more questions ...
When the world changes - and it has changed a lot - then they must adapt. In particular as they don't lose anything because any military typically does not want most of its equipment being reachable from the internet.
And kindly note that I didn't say "strip them, beat them up, and then burn them!". What I'm talking about is only waste, so if they needed say a /16 I'd have no problem with that. The same goes for the many, many corporations, education and other institutes who still have insanely large ranges.
So, YES, I think that a whole country with say 20 million people getting say 1 mio more IP addresses is more important than some military wasting some hundred mio. IP addresses they do not really need.
You are of course free to think whatever you please, but I'm afraid reality and physics don't care too much.
That is not the point, I'm certainly not against change where and when needed. And as I said multiple times, I'm not against a new IP version (although I see it as far less urgent than many make it look like).
What I'm against is 2 points, (a) the insane and absolutely not needed 128-bits approach, and (b) needlessly changing and even replacing whole protocols.
Give me a rational, reasonable, and based on facts and real needs proposal and you'll find me open to consider it.
I believe what you say - but you are not the typical internet user but in a small minority group.
how'd this turn from nat64 to american war politics and developing countries?
I always think IP subnetting is good since it reduces the possibility of broadcast storms. A more stable network. DHCP servers and routers would make subnet changing easier.
jsg
BS, What I said wasn't about politics but about large organisations wasting huge numbers of IPs. It's not my fault that one of the worst if not the worst IP waster isn't the local cat rescue center but the us-american war department - and that's what it's all about, war; not peace, not defense, not saving street cats but wars.
Devices reachable from the Internet is something people want, something you disagree with. Remember how many IP's in /64? Yeah, you're not getting scanned in 3 minutes after coming on line like IPv4 20 years ago.
Yes, but it's a standard that was created for limited purpose and then used well beyond its designed purpose and IPv6 was designed to replace that. You can only design IPV4 standard once.
You keep ignoring that private networks are not routable and NAT is limiting. It really isn't a 1:1 replacement, or even as good.
I am not aware of said group. I can only say enterprises and companies with money have been asking for IPv6 support as mandatory features since 2007.
I'm in Canada with shitloads of IPv4 and slow IPv6 adoption. We have working service with IPV4 and even more services and capabilities when IPv6 is enabled. I can't think of any "group" of "those not wanting IPv6". They'd either not care or they'd want it. No third group of "don't want it". Their forums are filled with IPv6 requests for years.
Re-read that, please, I didn't say anything I wanted and just stated my opinion on faster adoption. When you have various parties with different goals and needs, there's no incentive to expend effort without benefit. So give the incentive. You seem to have other beliefs as to why adoption isn't higher.
Who told you that, exactly? It does make sense they don't want it reachable from public Internet, but they've been telling network manufacturers they want all their devices to be reachable and paid millions and billions in NRE's for over two decades. They can firewall and keep their network separate from the Internet and still make every device reachable.
You're talking about taking one's property/asset and giving it to another. For something that isn't a basic necessity. That's hardcore. You do know the tremendous effort to resubnet a university or HP/Coca-Cola? I don't think so or else you'd know what you're really suggesting.
You're arguing to FORCE companies and governments to give up IP ranges they've had for decades, for free, to expend resources and effort for no gain.
Yes, assign foreign residents the former IP's of military stuff. What could go wrong?
Physics? What's the price of tea in China? You're on the wrong OSI layer.
You really are. You're disregarding what are reported problems by saying they're not problems.
It's not needless and it's backward compatible. It works in parallel and not as a replacement for a long time.
You ignore them with essentially, "do your job better".
Designing a protocol for the future on "typical" instead of max/extreme is a big mistake and seems no lessons learned.
I'm guessing you've never worked in a large company or you'd have some different experience and opinions.
@yoursunny Thanks for the useful guide!
I went through the guide on CentOS 7 yesterday and have few suggestions:
ExecStartPre=ip ... becomes ExecStartPre=/usr/sbin/ip
and ExecStart=true becomes ExecStart=/usr/bin/true
Disclaimer: The following two ones may be considered as nit-picking
/etc/systemd/system/ instead of /usr/local/lib/systemd/system/

I just spent hours today on internet looking for this but I couldn't find it in time
I ended up using clatd
https://github.com/toreanderson/clatd
I have little to no networking experience.
Here is my little contribution to this tutorial
add real ipv4 connectivity for applications that work only in ipv4 (optional)
note: this part of the tutorial only works on linux distributions that have systemd or upstart as a service manager (debian, ubuntu, centos and so on). if you are experienced enough you may "translate" the systemd service file to your service manager.
note²: if you are using archlinux you don't need to follow this part of tutorial because there is a clatd package available on aur: https://aur.archlinux.org/packages/clatd-git/.
install make, git, cpan/perl, gcc and tayga from your package manager (debian/ubuntu : sudo apt-get install -y make git gcc tayga perl).
clone the clatd github repository using: git clone https://github.com/toreanderson/clatd.git
change your current directory to the new directory called clatd: cd clatd.
install clatd using sudo make install.
install the required perl dependencies for clatd: cpan Net::IP Socket6 IO::Socket::INET6 Net::DNS.
start clatd with sudo systemctl start clatd (systemd) or initctl start clatd (upstart).
wait around 30 seconds then check if you have ipv4 connectivity using curl: curl -4 google.com.
@TimboJones
I'll keep this short. I was very polite and patient but you and others have responded to any good will and accommodation from my side with more opposition. Plus from your side you have failed to address my major argument and question and/or simply brushed aside related major technical problems, so I see neither a basis nor a need, let alone interest to really and honestly discuss the 128-bit issue.
My questions and points get vaguely hand wavingly "countered" and most of your efforts go into picking out details and blindly fighting for IPv6 as if it was a religious matter (it probably is for some here).
And finally it gets personal. But I have to disappoint you: I have worked for one of the largest american corporations and some other large corporations. So kindly at least stop personal attributions.
I'm willing to continue the discussion if and when you offer realistic and reasonable arguments for needing a 128-bit address space/why 64-bits is not sufficient. And right away front up: NO, "not designing for max/extreme is a big mistake" is NOT a sufficient and not even an acceptable argument and I counter that easily: (a) engineering is about doing it right; virtually nothing gets designed to an arbitrary extreme, and (b) shove IPv6 up your ... because why not 512 bits? Why going against your own argument ("to the extreme") and limit IPv6 to 128 bits?
Sorry but good engineering is about "certainly enough plus some reserve". Practical feasibility and costs are relevant real-world factors.
I'm surprised that a massive portion of that IP space is actually routed on the internet. Also that there are internet exchanges: https://bgp.he.net/exchange/NASA-AIX
Can you point me to any resources that share your opinions? I don't think I understand your technical issues that I haven't responded to and I haven't found another resource that might fill me in on what I'm missing.
I'm not blindly fighting for it, I recognize the train left the station. Get onboard or get out of the way.
My point was that they are huge, slow, chaotic and not well organized. Having to go to IT for something takes hours or days and a PITA for any professional who wants something right now and can have right now. You don't want to involve them unless necessary, not as a first choice.
Routing/protocol reasons, not maximum address count.
I think if you applied that to security, it would be a mistake. The edges of extreme is where bad shit happens. I'm not talking arbitrary, you are.
No, it's really not. That's how people get killed. This is what happens when anybody calls themselves an engineer. In my province, "engineer" is a protected name like Doctor where you have legal obligations and responsibility, none of this software engineer shit that people didn't even get a degree for.
I'm sure that you are capable to search for e.g. 'processor word-sizes' I'm also not helping out in that case because you act as if you knew ...
That may be the way they handle things where you live or in your mind, but where I live that's not the definition of the playing field and rules.
I see, and switching to IPv6 is done by secretaries, managers, and kitchen aids?
Feel free to think whatever you please, but I am actually working in the field.
Engineering, which btw in my country is even more toughly regulated than in yours, is largely the art of doing what is feasible and reasonable.
Any engineer worth his money will immediately notice the 128 bits and - very mistrustingly - question its supposed need, just like he would question a planned road which was planned to have a 200 feet thick asphalt layer.
I suggest to drop this (actually non-) conversation and stay friendly, simply accepting that our views and approaches are too different.
They Plan to remove the option to change the Nameserver on the Free VPS to prevent misconfiguration and Abuse. So they want to prevent that we can access v4 resources like github at all.
Change is planned to be implemented in the next Weeks
This has been updated on yoursunny.com and other sites that I can still edit.
I have three tutorials making the same mistake.
Thanks for pointing out.
It's not a Debian thing.
It's already there: "Note that I reduced the MTU of the VXLAN tunnel interface to 1420 from the default 1500."
I don't know how to prevent changing nameserver from hypervisor side.
They could overwrite /etc/resolv.conf and other files, and many providers are already doing that via SolusVM, but that doesn't stop me from overwriting it again in a boot script.
In enterprise networks, UDP traffic to port 53 could be blocked to non-approved destinations.
I don't see how data centers would do that.
Even if they do, it'll be difficult to block DNS over HTTPS.
Also, the VXLAN approach described in the article does not involve changing nameservers.
Hey,
I can't get it to work but then again I'm a noob.
$ traceroute -n -q1 lgger.nexusbytes.com
traceroute to lgger.nexusbytes.com (46.4.199.225), 30 hops max, 60 byte packets
 1  172.16.41.232  3100.979 ms !H
I have (I believe) a dual-stack server at mrvm.net. I can ping -4 <domain> successfully. It is a nat vps and I have only 20 ports available at range 21200-21220. I have an external IPv4 address that I can access from outside world at the ports 21200-21220. That external ip address is not visible from ip addr, instead it has something else. The ip addr on that server shows
inet 172.16.41.212/24 brd 172.16.41.255 scope global venet0:0
Your example has your public ip as 192.0.2.1 on the dual-stack so I'm not sure how and which IP on my dual-stack corresponds to that and how I can use it on my commands, but I tried.
I'm trying the following on euserv free server (redacted ipv6 address). I just picked couple random IPv4 addresses from the same subnet as what ip addr shows on inet:
sudo ip link add vx84 type vxlan id 0 remote <dual's ipv6 here> local <vs4-free ipv6 here> dstport 4789
sudo ip link set vx84 mtu 1420
sudo ip link set vx84 up
sudo ip addr add 172.16.41.232/24 dev vx84
sudo ip route add 0.0.0.0/0 via 172.16.41.231
Then on dual-stack I tried:
sudo ip link add vx84 type vxlan id 0 remote <vs4-free ipv6 address> local <dual-stack's ipv6 address> dstport 4789
sudo ip link set vx84 mtu 1420
sudo ip link set vx84 up
sudo ip addr add 172.16.41.231/24 dev vx84
sudo iptables-legacy -t nat -A POSTROUTING -s 172.16.41.230/24 ! -d 172.16.41.230/24 -j SNAT --to 172.16.41.212
I tried with some other values first and it didn't work so I tried to run over with other values and it said:
RTNETLINK answers: File exists
so I searched the web for it and found that sudo ip addr flush dev vx84 may fix that and so it did (except for the first command where we add the vx84, so I skipped that one as that command would have stayed the same anyway). (I tried changing 172.16.41.232/24.)
I tried disabling ufw firewall with sudo ufw status to make sure it's not blocking it, but it didn't help.
My guess is that I'm using wrong ip address in place where I have something starting with 172, or that I have to specify ports somewhere somehow, as the dual-stack server can accept only incoming traffic on ports 21200-21220 on ipv4 at least... Can someone help?
Your VXLAN subnet overlaps with your NAT-ed IP's subnet, pick a different one.
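
The overlap named in the reply above can be checked before an address is put on the tunnel interface. This is an added example, not part of the original thread: the `ip -o -4 addr show` sample is constructed from the venet0:0 address quoted in the question, and the function names and the 192.168.0.0/16 candidate pool are assumptions.

```python
import ipaddress

# Constructed sample of `ip -o -4 addr show` output on the NAT VPS; the
# venet0:0 address is the one quoted in the question above.
SAMPLE_IP_ADDR = (
    "1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever\n"
    "2: venet0    inet 172.16.41.212/24 brd 172.16.41.255 scope global venet0:0\\"
    "       valid_lft forever preferred_lft forever\n"
)


def parse_addrs(text, skip_ifaces=("vx84",)):
    """Return [(ifname, IPv4Interface)] for every address already configured.

    The tunnel interface itself is skipped so that a re-run does not flag
    the address an earlier attempt left behind.
    """
    addrs = []
    for line in text.splitlines():
        fields = line.split()
        # One-line format: "<index>: <ifname> inet <addr>/<prefix> ..."
        if len(fields) < 4 or fields[2] != "inet":
            continue
        if fields[1] in skip_ifaces:
            continue
        addrs.append((fields[1], ipaddress.ip_interface(fields[3])))
    return addrs


def conflicts(candidate_cidr, addrs):
    """List (ifname, network) pairs whose subnet overlaps the candidate's."""
    wanted = ipaddress.ip_interface(candidate_cidr).network
    return [(name, str(iface.network)) for name, iface in addrs
            if iface.network.overlaps(wanted)]


def first_free_subnet(addrs, pool="192.168.0.0/16", prefix=24):
    """Return the first subnet of `pool` that overlaps nothing in `addrs`."""
    used = [iface.network for _, iface in addrs]
    for subnet in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(subnet.overlaps(net) for net in used):
            return subnet
    return None


def tunnel_plan(addrs, pool="192.168.0.0/16"):
    """Pick a non-overlapping /24 and assign the first two hosts to the tunnel ends."""
    subnet = first_free_subnet(addrs, pool)
    if subnet is None:
        raise ValueError(f"no free /24 left in {pool}")
    hosts = subnet.hosts()
    gateway, client = next(hosts), next(hosts)
    return {
        "subnet": str(subnet),                        # use as the SNAT source match
        "gateway": f"{gateway}/{subnet.prefixlen}",   # dual-stack end of vx84
        "client": f"{client}/{subnet.prefixlen}",     # IPv6-only end of vx84
    }


if __name__ == "__main__":
    existing = parse_addrs(SAMPLE_IP_ADDR)
    # The address tried in the question collides with venet0's own /24.
    print("172.16.41.232/24 conflicts with:", conflicts("172.16.41.232/24", existing))
    print("suggested plan:", tunnel_plan(existing))
```

Feed it the real `ip -o -4 addr show` output from both ends of the tunnel, since the chosen subnet must be unused on each.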